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Object Identifier Registry for the PKIX Working Group 
Abstract 


When the Public-Key Infrastructure using X.509 (PKIX) Working Group 
was chartered, an object identifier arc was allocated by IANA for use 
by that working group. This document describes the object 
identifiers that were assigned in that arc, returns control of that 
arc to IANA, and establishes IANA allocation policies for any future 
assignments within that arc. 


Status of This Memo 


This document is not an Internet Standards Track specification; it is 
published for informational purposes. 


This document is a product of the Internet Engineering Task Force 


(IETF). It represents the consensus of the IETF community. It has 
received public review and has been approved for publication by the 
Internet Engineering Steering Group (IESG). Not all documents 


approved by the IESG are a candidate for any level of Internet 
Standard; see Section 2 of RFC 5741. 


Information about the current status of this document, any errata, 
and how to provide feedback on it may be obtained at 
http://www.rfc-editor.org/info/rfc7299. 


Copyright Notice 


Copyright (c) 2014 IETF Trust and the persons identified as the 
document authors. All rights reserved. 


This document is subject to BCP 78 and the IETF Trust’s Legal 
Provisions Relating to IETF Documents 
(http://trustee.ietf.org/license-info) in effect on the date of 
publication of this document. Please review these documents 
carefully, as they describe your rights and restrictions with respect 
to this document. Code Components extracted from this document must 
include Simplified BSD License text as described in Section 4.e of 
the Trust Legal Provisions and are provided without warranty as 
described in the Simplified BSD License. 


Housley Informational [Page 1] 


RFC 7299 PKIX OID Registry July 2014 


Table of Contents 


di EME ROAUCEL OMS nee eaeoe ee ats Peston O etek eee. a E ecard let Sete ieee Ble trata ent 3 
2; Subordinate, Object Identifier ACS iid basis ie ee ee Sera es ks 3 
Sin LANA CONS TOSTAELONS ye se eee Sete Spit EE ty ese t ETE EE ERE anions ts r ten eles Se 6 
3.1. Update to "SMI Security for Mechanism Codes" Registry ...... 6 
332%, “SMT Security for “PKEX" REGIS UE: seserian eaa SS ea ee eo es ene ie 6 
3.3. "SMI Security for PKIX Module Identifier" Registry ......... 7 
3.4. "SMI Security for PKIX Certificate Extension" Registry ..... 9 
3.5. "SMI Security for PKIX Policy Qualifier" Registry ......... 10 
3.6. "SMI Security for PKIX Extended Key Purpose" Registry ..... 10 
3.7. "SMI Security for PKIX CMP Information Types" Registry ....11 
3.8. "SMI Security for PKIX CRMF Registration" Registry ........ 12 
3.9. "SMI Security for PKIX CRMF Registration Controls" 
REGUSELY senese eee Deal tae Sere Sy Bi See hg ers 8 Behe led wes 1 gba SW See) Sia gs Eee Se 12 
3.10. "SMI Security for PKIX CRMF Registration 
Information -Registry & drsecds sieve Ss wcd Welle oe pio we Ailes wee ease evens 12 
3.11. "SMI Security for PKIX Algorithms" Registry .............. 13 
3.12. "SMI Security for PKIX CMC Controls" Registry ............ 13 
3.13. "SMI Security for PKIX CMC GLA Requests and 
RESpoONnsesi< REGUSE LY” maca sa a E a 4 reals ace neve Sie ENA E 14 
3.14. "SMI Security for PKIX Other Name Forms" Registry ........ 15 
3.15. "SMI Security for PKIX Personal Data Attributes" 
REGTSERY: aua Guanes hee eda San ge ec ged Seach es OR ang el de lersee Bee wees Vege 15 
3.16. "SMI Security for PKIX Attribute Certificate 
Attributés™ -Registry ee eS bee ee Dre Sete ea Bes See ale She Oe ee 16 
3.17. "SMI Security for PKIX Qualified Certificate 
Statements REGPSELY® ses bee eas oS eee Roar Veen sree and Badly ond Mae TSS cone 16 
3.18. "SMI Security for PKIX CMC Content Types" Registry ....... 16 
3.19. "SMI Security for PKIX OIDs Used Only for 
TESCANG” “REGISERY™ ooo oe tind drat bend ero. ae 4 a pea eter evden ie oat tei a e ed Dileep elon 17 
3.20. "SMI Security for PKIX Certificate Policies" Registry ....17 
3.21. "SMI Security for PKIX CMC Error Types" Registry ......... 17 
3.22. "SMI Security for PKIX Revocation Information 
Types REGUSELY? smee Clone dood geeks died Seeds lon E ee te edn Bima EEE S coh 18 
3.23. "SMI Security for PKIX SCVP Check Types" Registry ........ 18 
3.24. "SMI Security for PKIX SCVP Want Back Types" Registry ....19 
3.25. "SMI Security for PKIX SCVP Validation Policies 
and Algorithms” RegEStEy sre esd eee eke; Mo ia BFS ee edee a wees Sears 20 
3.26. "SMI Security for PKIX SCVP Name Validation 
POI CY JETrOors.”, Registry cA3 44 ise bls locate BA ae ibd a soe te 20 
3.27. "SMI Security for PKIX SCVP Basic Validation 
POLLCY- Errors “REGUSELY~ dion sete Oi Sie hat ary Me a See ay Soe eae ard 21 
3.28. "SMI Security for PKIX SCVP Distinguished Name 
Validation Policy Errors" Registry ...........- eee eee eee ee 21 
3.29. "SMI Security for PKIX Other Logotype 
Tadentifiers™ ReEgLStEY seis aze! biel ied eaaa n le: a E eet Se eae 22 


Housley Informational [Page 2] 


RFC 7299 PKIX OID Registry July 2014 


3.30. "SMI Security for PKIX Proxy Certificate Policy 


Thanguages”™ -REgvstrey sis «sere Pelee ete. hie ween Sk oe ee al Pardee ears Wesek 22 
3.31. "SMI Security for PKIX Proxy Matching Rules" Registry ....22 
3.32. "SMI Security for PKIX Subject Key Identifier 
Semantics “REGLS CCV more ave ern lee alana sere eer eine agate A E E E EEE eos 23 
3.33. "SMI Security for PKIX Access Descriptor" Registry ....... 23 
3.34. "SMI Security for PKIX Online Certificate Status 
Protocol «COCSP):? Registry oF i se aaaea a aa Ae ee Ss BAN deaths 24 
4 SCUrIRY considerations Jenewa el Siey eee de aye bs oti Sie erage es ose, eles le ce eliene elses 24 
Ds References ea pana ara lee e aire AEE S o Giver ohana forte, ok E oS Se E tan ths Tanne aN geese aN 25 
Sse NOrmMative: REfErenCe’S’: dane ect siento spor ose cuca and swears OS Sead cree he 25 
52s Informative “References 2s bce tec des ae Pe eee ee ee 25 
Acknowledgements sise ede eee os asea a Gidl eaa a elas owes e Ble Se es el ew alas 30 
1. Introduction 


When the Public-Key Infrastructure using X.509 (PKIX) Working Group 
was chartered, an object identifier arc was allocated by IANA for use 
by that working group. These object identifiers are primarily used 
with Abstract Syntax Notation One (ASN.1) [ASN1-88] [ASN1-97] 
[ASN1-08]. The ASN.1 specifications continue to evolve, but object 
identifiers can be used with any and all versions of ASN.1. 


The PKIX object identifier arc is: 


id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization (3) 
dod(6) internet (1) security(5) mechanisms(5) pkix(7) } 


This document describes the object identifiers that were assigned in 
the PKIX arc, returns control of the PKIX arc to IANA, and 
establishes IANA allocation policies for any future assignments 
within the PKIX arc. 


2. Subordinate Object Identifier Arcs 
Twenty-five subordinate object identifier arcs were used, numbered 
from 0 to 23 and 48. In addition, there are seven subordinate arcs. 


They were assigned as follows: 


-- Module identifiers 
id-mod OBJECT IDENTIFIER ::= { id-pkix 0 } 


-—-— PKIX certificate extensions 
id-pe OBJECT IDENTIFIER ::= { id-pkix 1 } 


-- Policy qualifier types 
id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } 
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-- Extended key purpose identifiers 
id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } 


-- CMP information types 
id-it OBJECT IDENTIFIER ::= { id-pkix 4 } 


—- CRMF registration 
id-pkip OBJECT IDENTIFIER ::= { id-pkix 5 } 


—- CRMF registration controls 
id-regCtrl OBJECT IDENTIFIER ::= { id-pkix 5 1 } 


—- CRMF registration information 
id-regInfo OBJECT IDENTIFIER ::= { id-pkix 5 2 } 


-- Algorithms 
id-alg OBJECT IDENTIFIER 


{ id-pkix 6 } 


-- CMC controls 
id-cmc OBJECT IDENTIFIER 


{ id-pkix 7 } 


-- CMC GLA Requests and Responses 
id-cmc-glaRR OBJECT IDENTIFIER ::= { id-pkix 7 99 } 


-- Other name forms 
id-on OBJECT IDENTIFIER ::= { id-pkix 8 } 


-—- Personal data attribute 
id-pda OBJECT IDENTIFIER 


{ id-pkix 9 } 


-—- Attribute certificate attributes 
id-aca OBJECT IDENTIFIER ::= { id-pkix 10 } 


—— Qualified certificate statements 
id-qes OBJECT IDENTIFIER ::= { id-pkix 11 } 


-- CMC content types 
id-cct OBJECT IDENTIFIER ::= { id-pkix 12 } 


-- OIDs for TESTING ONLY 
id-TEST OBJECT IDENTIFIER ::= { id-pkix 13 } 


-—- Certificate policies 
id-cp OBJECT IDENTIFIER ::= { id-pkix 14 } 


-- CMC error types 
id-cet OBJECT IDENTIFIER ::= { id-pkix 15 } 
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-—- Revocation information types 


id-ri 


-—- SCVP 
id-sct 


-- SCVP 
id-swb 


== SCVP 
id-svp 


-- SCVP 
id-nvae 


-—- SCVP 
id-bvae 


=> SEVP 


OBJECT IDENTIFIER 


check type 
OBJECT IDENTIFIER 


want back types 
OBJECT IDENTIFIER 


validation policies 
OBJECT IDENTIFIER 


::= { id-pkix 


::= { id-pkix 


:= { id-pkix 


{ id-pkix 


name validation policy errors 


OBJECT IDENTIFIER 


basic validation policy errors 


OBJECT IDENTIFIER 


distinguished name validation policy errors 


id-dnvae OBJECT IDENTIFIER 


-—- Other logotype identifiers 


id-logo OBJECT IDENTIFIER ::= { id-pkix 20 
-—- Proxy certificate policy languages 
id-ppl OBJECT IDENTIFIER ::= { id-pkix 21 
-- Matching rules 

id-mr OBJECT IDENTIFIER ::= { id-pkix 22 
-—- Subject key identifier semantics 
id-skis OBJECT IDENTIFIER ::= { id-pkix 23 
-- Access descriptors 

id-ad OBJECT IDENTIFIER ::= { id-pkix 48 
-—- Online Certificate Status Protocol 
id-pkix-ocsp OBJECT IDENTIFIER ::= { id-pkix 48 1 } 


16 


17 


18 


19 


::= { id-pkix 19 2 } 


::= { id-pkix 19 3 } 


::= { id-pkix 19 4 } 
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The values assigned in each of these subordinate object identifier 
arcs are discussed in the next section. 
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3. IANA Considerations 
IANA has updated one registry table and created 33 additional tables. 
Updates to the new tables are to be made according to the 
Specification Required policy as defined in [RFC5226]. The expert is 
expected to ensure that any new values are strongly related to the 
work that was done by the PKIX Working Group. That is, additional 
object identifiers are to be related to X.509 certificates, X.509 
attribute certificates, X.509 certificate revocation lists (CRLs), or 
protocols associated with them. Object identifiers for other 
purposes should not be assigned in this arc. 
3.1. Update to "SMI Security for Mechanism Codes" Registry 
The reference for the Public Key Infrastructure using X.509 (PKIX) 
entry (decimal value 7) has been updated to point to this document. 
3.2. "SMI Security for PKIX" Registry 
Within the SMI-numbers registry, a "PKIX (1.3.6.1.5.5.7)" table with 
three columns has been added: 
Decimal Description References 
0 Module identifiers [RFC7299] 
1 PKIX certificate extensions [RFC7299] 
2 Policy qualifier types [RFC7299] 
3 Extended key purpose identifiers [RFC7299] 
4 CMP information types [RFC7299] 
5 CRMF registration [RFC7299] 
6 Algorithms [RFC7299] 
7 CMC controls [RFC7299] 
8 Other name forms [RFC7299] 
9 Personal data attribute [RFC7299] 
10 Attribute certificate attributes [RFC7299] 
11 Qualified certificate statements [RFC7299] 
T2 CMC content types [RFC7299] 
13 OIDs for TESTING ONLY [RFC7299] 
14 Certificate policies [RFC7299] 
15 CMC error types [RFC7299] 
16 Revocation information types [RFC7299] 
1:7 SCVP check type [RFC7299] 
18 SCVP want back types [RFC7299] 
19 SCVP validation policies [RFC7299] 
20 Other logotype identifiers [RFC7299] 
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22 
23 
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Proxy certificate policy languages 


Matching rules 


Subject key identifier semantics 


Access descriptors 


July 2014 


[RFC7299] 
[RFC7299] 
[RFC7299] 
[RFC7299] 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


3.3. "SMI Security for PKIX Module Identifier" Registry 


Within the SMI-numbers registry, 
Identifier 


added: 


Housley 


an "SMI Security for PKIX Module 


(1.3.6.1.5.5.7.0)" table with three columns has been 


Description 


id-pkixl-explicit-—88 
id-pkixl-implicit-—88 
id-pkixl-explicit-—93 
id-pkixl-implicit-93 
id-mod-crmf 

id-mod-cmc 
id-mod-kea-profile-88 
id-mod-kea-profile-93 
id-mod-cmp 
id-mod-qualified-cert-88 
id-mod-qualified-cert-93 
id-mod-attribute-cert 
id-mod-tsp 

id-mod-ocsp 

id-mod-dvcs 
id-mod-cmp2000 
id-mod-pkixl-algorithms 
id-mod-pkixl-explicit 
id-mod-pkixl-implicit 
id-mod-user-group 
id-mod-scvp 
id-mod-logotype 
id-mod-cmc2002 
id-mod-wlan-extns 
id-mod-proxy-cert-—extns 
id-mod-ac-policies 
id-mod-warranty-extn 
id-mod-perm-id-88 
id-mod-perm-id-93 
id-mod-ip-addr-and-as-—ident 
id-mod-qualified-cert 
id-mod-crmf2003 


Informational 


References 


[RFC2459] 
[RFC2459] 
[RFC2459] 
[RFC2459] 
[RFC2511] 
[RFC2797] 
[RFC2528] 
[RFC2528] 
[RFC2510] 
[RFC3039] 
[RFC3039] 
[RFC3281] 
[RFC3161] 
[RFC3029] 
[RFC3029] 
[RFC4210] 
[RFC3279] 
[RFC3280] 
[RFC3280] 


Reserved and Obsolete 


[RFC5055] 
[RFC3709] 
[RFC5272] 
[RFC3770] 
[RFC3820] 
[RFC4476] 
[RFC4059] 
[RFC4043] 
[RFC4043] 
[RFC3779] 
[RFC3739] 


Reserved and Obsolete 
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33 
34 
35 
36 
37 
38 
39 
40 
41 
42 
43 
44 
45 
46 
47 
48 
49 
50 
51 
52 
53 
54 
55 
56 
57 
58 
59 
60 
61 
62 
63 
64 
65 
66 
67 
68 
69 
70 
71 
72 
73 
74 
75 
76 
77 
78 
79 
80 
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id-mod-pkixl-rsa-pkalgs 
id-mod-cert-bundle 
id-mod-qualified-cert-97 
id-mod-crmf2005 
id-mod-wlan-extns2005 
id-mod-sim2005 
id-mod-dns-srv-name-88 
id-mod-dns-srv-name-93 
id-mod-cmsContentConstr-88 
id-mod-cmsContentConstr-93 
id-mod-pkixCommon 
id-mod-pkixOtherCerts 
id-mod-pkixl-algorithms2008 
id-mod-clearanceConstraints 
id-mod-attribute-cert-—02 
id-mod-ocsp-02 
id-mod-vilAttrCert-02 
id-mod-cmp2000-02 
id-mod-pkixl-explicit-—02 
id-mod-scvp-02 
id-mod-cmc2002-02 
id-mod-pkix1l-rsa-pkalgs-—02 
id-mod-crmf2005-02 
id-mod-pkixl-algorithms2008-02 
id-mod-pkixCommon-02 
id-mod-algorithmInformation-02 
id-mod-pkixl-implicit-—02 
id-mod-pkix1-x400address-—02 
id-mod-attribute-cert-—v2 
id-mod-sip-domain-extns2007 
id-mod-cms-otherRIs-—2009-88 
id-mod-cms-otherRIs-—2009-93 
id-mod-ecprivatekey 
id-mod-ocsp-agility-—2009-93 
id-mod-ocsp-agility—2009-88 
id-mod-logotype-certimage 
id-mod-pkcs10-2009 
id-mod-dns-resource-record 
id-mod-send-cert-—extns 
id-mod-ip-addr-and-as-—ident-2 
id-mod-wlan-extns-2 
id-mod-hmac 
id-mod-enrollMsgSyntax-2011-88 
id-mod-enrollMsgSyntax-2011-08 
id-mod-pubKeySMIMECaps—88 
id-mod-pubKeySMIMECaps—08 
id-mod-dhSign-2012-88 
id-mod-dhSign-2012-08 


Informational 


[RFC4055] 
[RFC4306] 
[RFC3739] 
[RFC4210] 
[RFC4334] 
[RFC4683] 
[RFC4985] 
[RFC4985] 
[RFC6010] 
[RFC6010] 


July 2014 


Reserved and Obsolete 


[RFC5697] 
[RFC5480] 
[RFC5913] 
[RFC5912] 
[RFC5912] 
[RFC5912] 
[RFC5912] 
[RFC5912] 
[RFC5912] 
[RFC5912] 
[RFC5912] 
[RFC5912] 
[RFC5912] 
[RFC5912] 
[RFC5912] 
[RFC5912] 
[RFC5912] 
[RFC5755] 
[RFC5924] 
[RFC5940] 
[RFC5940] 
[RFC5915] 
[RFC6277] 
[RFC6277] 
[RFC6170] 
[RFC5912] 
[Abley] 

[RFC6494] 
[RFC6268] 
[RFC6268] 
[RFC6268] 
[RFC6402] 
[RFC6402] 
[RFC6664] 
[RFC6664] 
[RFC6955] 
[RFC6955] 


[Err3860] 
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83 
84 
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id-mod-ocsp-2013-88 
id-mod-ocsp-2013-08 
id-mod-TEST-certPolicies 
id-mod-bgpsec-eku 


[RFC6960] 
[RFC6960] 
[RFC7229] 
[BGPSEC] 


July 2014 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


Within the SMI-numbers registry, 
Certificate Extension 


been added: 


(L356 R R N S D 


Description 


id-pe-authorityInfoAccess 
id-pe-biometricInfo 
id-pe-qcStatements 
id-pe-ac-auditIdentity 
id-pe-ac-targeting 
id-pe-aaControls 
id-pe-ipAddrBlocks 
id-pe-autonomousSysIds 
id-pe-sbgp-routerIdentifier 
id-pe-ac-proxying 
id-pe-subjectInfoAccess 
id-pe-logotype 
id-pe-wlanSSID 
id-pe-proxyCertInfo 
id-pe-acPolicies 
id-pe-warranty 

id-pe-sim 
id-pe-cmsContentConstraints 
id-pe-otherCerts 
id-pe-wrappedApexContinkey 
id-pe-clearanceConstraints 
id-pe-skiSemantics 
id-pe-nsa 


"SMI Security for PKIX Certificate Extension" Registry 


References 


[RFC2459] 
[RFC3039] 
[RFC3039] 
[RFC3281] 
Reserved and 
[RFC3281] 
[RFC3779] 
[RFC3779] 
Reserved and 
[RFC3281] 
[RFC3280] 
[RFC3709] 
[RFC4334] 
[RFC3820] 
[RFC4476] 
[RFC4059] 
Reserved and 
[RFC6010] 
[RFC5697] 
[RFC5934] 
[RFC5913] 
Reserved and 
[RFC7169] 


Future updates to this table are to be made according to 
Specification Required policy as defined in [RFC5226]. 
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an "SMI Security for PKIX 
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Obsolete 


Obsolete 


Obsolete 


the 
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3.5. "SMI Security for PKIX Policy Qualifier" Registry 


Within the SMI-numbers registry, an "SMI 
Qualifier Identifiers (1.3.6.1.5.5.7.2)" 


been added: 


Decimal 


Description 


id-qt-cps 
id-qt-unotice 
id-qt-textNotice 
id-qt-acps 
id-qt-acunotice 


Security for PKIX Policy 
table with three columns has 


References 

[RFC2459] 

[RFC2459] 

Reserved and Obsolete 
[RFC4476] 

[RFC4476] 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


3.6. "SMI Security for PKIX Extended Key Purpose" Registry 


Within the SMI-numbers registry, an "SMI 


Key Purpose Identifiers 


has been added: 
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id-kp-serverAuth 
id-kp-clientAuth 
id-kp-codeSigning 
id-kp-emailProtection 
id-kp-ipsecEndSystem 
id-kp-ipsecTunnel 
id-kp-ipsecUser 
id-kp-timeStamping 
id-kp-OCSPSigning 
id-kp-dvcs 
id-kp-sbgpCertAAServerAuth 
id-kp-scvp-responder 
id-kp-eapOverPPP 
id-kp-eapOverLAN 
id-kp-scvpServer 
id-kp-scvpClient 
id-kp-ipsecIKE 
id-kp-capwapAC 
id-kp-capwapWTP 
id-kp-sipDomain 
id-kp-secureShellClient 
id-kp-secureShellServer 
id-kp-sendRouter 


Informational 


Security for PKIX Extended 


(1.3.6.1.5.5.7.3)" table with three columns 


References 

[RFC2459] 

[RFC2459] 

[RFC2459] 

[RFC2459] 

Reserved and Obsolete 
Reserved and Obsolete 
Reserved and Obsolete 
[RFC2459] 

[RFC2560] 

[RFC3029] 

Reserved and Obsolete 
Reserved and Obsolete 
[RFC4334] 

[RFC4334] 

[RFC5055] 

[RFC5055] 

[RFC4945] 

[RFC5415] 

[RFC5415] 

[RFC5924] 

[RFC6187] 

[RFC6187] 

[RFC6494] 
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25 
26 
27 
28 
29 
30 


Future updates to this table are to be made 
Specification Required policy as defined in 
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id-kp-sendProxiedRouter 
id-kp-sendOwner 
id-kp-sendProxiedOwner 
id-kp-cmcCA 

id-kp-cmcRA 
id-kp-cmcArchive 
id-kp-bgpsec-router 


[RFC6494] 
[RFC6494] 
[RFC6494] 
[RFC6402] 
[RFC6402] 
[RFC6402] 
[BGPSEC] 


according to the 
[RFC5226]. 


3.7. "SMI Security for PKIX CMP Information Types" Registry 


Within the SMI-numbers registry, 


July 2014 


an "SMI Security for PKIX CMP 


Information Types (1.3.6.1.5.5.7.4)" table with three columns has 


been added: 


Future updates to this table are to be made 
Specification Required policy as defined in 


Housley 


Description 


id-it-caProtEncCert 
id-it-signKeyPairTypes 
id-it-encKeyPairTypes 
id-it-preferredSymmAlg 
id-it-cakeyUpdatelInfo 
id-it-currentCRL 
id-it-unsupportedOIDs 
id-it-subscriptionRequest 
id-it-subscriptionResponse 
id-it-keyPairParamReq 
id-it-keyPairParamRep 
id-it-revPassphrase 
id-it-implicitConfirm 
id-it-confirmWaitTime 
id-it-origPKIMessage 
id-it-suppLangTags 


Informational 


References 
[RFC2510] 
[RFC2510] 
[RFC2510] 
[RFC2510] 
[RFC2510] 
[RFC2510] 
[RFC4210] 
Reserved and Obs 
Reserved and Obs 
[RFC4210] 
[RFC4210] 
[RFC4210] 
[RFC4210] 
[RFC4210] 
[RFC4210] 
[RFC4210] 


according to the 
[RFC5226]. 


olete 
olete 
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3.8. "SMI Security for PKIX CRMF Registration" Registry 


Within the SMI-numbers registry, an "SMI Security for PKIX CRMF 
Registration (1.3.6.1.5.5.7.5)" table with three columns has been 
added: 


Decimal Description References 
1 id-regCtrl [RFC2511] 
2 id-regInfo [RFC2511] 
3 id-regEPEPSI [RFC4683] 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


3.9. "SMI Security for PKIX CRMF Registration Controls" Registry 
Within the SMI-numbers registry, an "SMI Security for PKIX CRMF 


Registration Controls (1.3.6.1.5.5.7.5.1)" table with three columns 
has been added: 


Decimal Description References 

1 id-regCtrl-regToken [RFC2511] 

2 id-regCtrl-authenticator [RFC2511] 

3 id-regCtrl-pkiPublicationInfo [RFC2511] 

4 id-regCtrl-pkiArchiveOptions [RFC2511] 

5 id-regCtrl-oldCertID [RFC2511] 

6 id-regCtrl-protocolEncrKey [RFC2511] 

7 id-regCtrl-altCertTemplate [RFC4210] 

8 id-regCtrl-wtlsTemplate Reserved and Obsolete 
9 id-regCtrl-regTokenUTF8 Reserved and Obsolete 
10 id-regCtrl-authenticatorUTF8 Reserved and Obsolete 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


3.10. "SMI Security for PKIX CRMF Registration Information" Registry 


Within the SMI-numbers registry, add an "SMI Security for PKIX CRMF 
Registration Information (1.3.6.1.5.5.7.5.2)" table with three 


columns: 
Decimal Description References 
I id-regInfo-utf8Pairs [RFC2511] 
2 id-regInfo-certReq [RFC2511] 
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Future updates to this table are to be made according to the 


Specification Required policy as defined in [RFC5226]. 


3.11. "SMI Security for PKIX Algorithms" Registry 


Within the SMI-numbers registry, an "SMI Security for PKIX Algorithms 


(1.3.6.1.5.5.7.6)" table with three columns has been added: 


Decimal Description References 


id-alg-des40 Reserved and Obsolete 


1 

2 id-alg-noSignature 

3 id-alg-dh-sig-hmac-shal 
4 id-alg-dhPop-shal 

3 id-alg-dhPop-sha224 

6 id-alg-dhPop-sha256 

7 id-alg-dhPop-sha384 


8 id-alg-dhPop-sha512 

15 id-alg-dhPop-static-sha224-hmac-sha224 
16 id-alg-dhPop-static-sha256-hmac-sha256 
17 id-alg-dhPop-static—sha384-hmac-—sha384 
18 id-alg-dhPop-static-—sha512-hmac-—sha512 
25 id-alg-ecdhPop-static-sha224-hmac-sha224 
26 id-alg-ecdhPop-static-—sha256-hmac-—sha256 
27 id-alg-ecdhPop-static-—sha384-hmac-—sha384 
28 id-alg-ecdhPop-static-sha512-hmac-sha512 


Note: id-alg-dhPop-shal is also known as id-alg-dh-pop. 


Note: id-alg-dh-sig-hmac-shal is also known as 
id-alg-dhPop-static-shal-hmac-shal and 
id-dhPop-static—hmac-shal. 


[RFC2797] 
[RFC2875] 
[RFC2875] 
[RFC6955] 
[RFC6955] 
[RFC6955] 
[RFC6955] 
[RFC6955] 
[RFC6955] 
[RFC6955] 
[RFC6955] 
[RFC6955] 
[RFC6955] 
[RFC6955] 
[RFC6955] 


Future updates to this table are to be made according to the 


Specification Required policy as defined in [RFC5226]. 


3.12. "SMI Security for PKIX CMC Controls" Registry 


Within the SMI-numbers registry, an "SMI Security for PKIX CMC 


Controls (1.3.6.1.5.5.7.7)" table with three columns has been added: 


Decimal Description References 
1 id-cmc-statusInfo [RFC2797] 
2 id-cmc-identification [RFC2797] 
3 id-cmc-identityProof [RFC2797] 
4 id-cmc-dataReturn [RFC2797] 
5 id-cmc-transactionId [RFC2797] 
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Note: 


PKIX OID Registry 


id-cmc-senderNonce 
id-cmc-recipientNonce 
id-cmc-addExtensions 
id-cmc-encryptedPOP 
id-cmc-decryptedPOP 
id-cmc-lraPOPWitness 
id-cmc-getCert 
id-cmc-getCRL 
id-cmc-revokeRequest 
id-cmc-regInfo 
id-cmc-responselInfo 
id-cmc-queryPending 
id-cmc-popLinkRandom 
id-cmc-popLinkWitness 
id-cmc-confirmCertAcceptance 
id-cmc-statusInfov2 
id-cmc-trustedAnchors 
id-cmc-authData 
id-cmc-batchRequests 
id-cmc-—batchResponses 
id-cmc-publishCert 
id-cmc-modCertTemplate 
id-cmc-controlProcessed 
id-cmc-popLinkWitnessVv2 
id-cmc-identityProofVv2 
id-cmc-raIdentityWitness 
id-cmc-changeSubjectName 
id-cmc-responseBody 
id-cmc-glaRR 


[RFC2797] 
[RFC2797] 
[RFC2797] 
[RFC2797] 
[RFC2797] 
[RFC2797] 
[RFC2797] 
[RFC2797] 
[RFC2797] 
[RFC2797] 
[RFC2797] 
[RFC2797] 
[RFC2797] 
[RFC2797] 
[RFC2797] 
[RFC5272] 
[RFC5272] 
[RFC5272] 
[RFC5272] 
[RFC5272] 
[RFC5272] 
[RFC5272] 
[RFC5272] 
[RFC5272] 
[RFC5272] 
[RFC6402] 
[RFC6402] 
[RFC6402] 
[RFC5275] 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


313; 


Within the SMI-numbers registry, 
Requests and Responses 


has been added: 


Decimal 


Future updates to this table are to be made 
Specification Required policy as defined in 


Housley 


Description 


id-cmc-gla-skdAlgRequest 
id-cmc-gla-skdAlgResponse 


Informational 


table with thre 


References 


[RFC5275] 
[RFC5275] 


according to the 
[RFC5226]. 


July 2014 


id-cmc-statusInfo is also known as id-cmc-cMCStatusInfo. 


"SMI Security for PKIX CMC GLA Requests and Responses" Registry 


an "SMI Security for PKIX CMC GLA 
(Tea rba Le Ds ee 99)" 


e columns 
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3.14. "SMI Security for PKIX Other Name Forms" Registry 


Within the SMI-numbers registry, 
(hese6.ck. 55. 1/8) 2 


Forms 


Future updates to this table are to be made 
Specification Required policy as defined in 


Description 


PKIX OID Registry 


July 2014 


an "SMI Security for PKIX Other Name 


table with three columns has been added: 


id-on-personalData 
id-on-userGroup 
id-on-permanentIdentifier 
id-on-hardwareModuleName 
id-on-xmppAddr 


id-on-SIM 


id-on-dnsSRV 


References 


Reserved and Obsolete 
Reserved and Obsolete 


[RFC4043] 
[RFC4108] 
[RFC3920] 
[RFC4683] 
[RFC4985] 


according to the 
[RFC5226]. 


3.15. "SMI Security for PKIX Personal Data Attributes" Registry 


Within the SMI-numbers registry, 
Data Attributes 


added: 


Decimal 


Future updates to this table are to be made 
Specification Required policy as defined in 


Housley 


Description 


C1326. Leo Dah) 


id-pda-dateOfBirth 
id-pda-placeOfBirth 


id-pda-gender 


id-pda-countryOfCitizenship 
id-pda-countryOfResidence 


Informational 


References 


[RFC3039] 
[RFC3039] 
[RFC3039] 
[RFC3039] 
[RFC3039] 


according to the 
[RFC5226]. 


an "SMI Security for PKIX Personal 
table with three columns has been 
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3.16. "SMI Security for PKIX Attribute Certificate Attributes" Registry 


Within the SMI-numbers registry, an "SMI Security for PKIX Attribute 
Certificate Attributes (1.3.6.1.5.5.7.10)" table with three columns 
has been added: 


Decimal Description References 

1 id-aca-authenticationInfo [RFC3281] 

2 id-aca-accessIdentity [RFC3281] 

3 id-aca-chargingIdentity [RFC3281] 

4 id-aca-group [RFC3281] 

5 id-aca-role Reserved and Obsolete 
6 id-aca-encAttrs [RFC3281] 

7 id-aca-wlanSSID [RFC4334] 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


3.17. "SMI Security for PKIX Qualified Certificate Statements" Registry 
Within the SMI-numbers registry, an "SMI Security for PKIX Qualified 


Certificate Statements (1.3.6.1.5.5.7.11)" table with three columns 
has been added: 


Decimal Description References 
1 id-qces-pkixQCSyntax-vl [RFC3039] 
2 id-qces-pkixQCSyntax-v2 [RFC3739] 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


3.18. "SMI Security for PKIX CMC Content Types" Registry 


Within the SMI-numbers registry, an "SMI Security for PKIX CMC 
Content Types (1.3.6.1.5.5.7.12)" table with three columns has been 


added: 
Decimal Description References 
I id-cct-crs Reserved and Obsolete 
2 id-cct-PKIData [RFC2797] 
3 id-cct—PKIResponse [RFC2797] 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 
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3.19. "SMI Security for PKIX OIDs Used Only for Testing" Registry 


Within the SMI-numbers registry, an "SMI Security for PKIX OIDs used 
Only for Testing (1.3.6.1.5.5.7.13)" table with three columns has 
been added: 


Decimal Description References 
1 id-TEST-certPolicyOne [RFC7229] 
2 id-TEST-certPolicyTwo [RFC7229] 
3 id-TEST-certPolicyThree [RFC7229] 
4 id-TEST-certPolicyFour [RFC7229] 
5 id-TEST-certPolicyFive [RFC7229] 
6 id-TEST-certPolicySix [RFC7229] 
7 id-TEST-certPolicySeven [RFC7229] 
8 id-TEST-certPolicyEBight [RFC7229] 


Note: The object identifiers in this table should not appear on the 
public Internet. These object identifiers are ONLY for 
TESTING. 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


3.20. "SMI Security for PKIX Certificate Policies" Registry 
Within the SMI-numbers registry, an "SMI Security for PKIX 


Certificate Policies (1.3.6.1.5.5.7.14)" table with three columns has 
been added: 


Decimal Description References 
1 id-cp-sbgpCertificatePolicy Reserved and Obsolete 
2 id-cp-ipAddr-asNumber [RFC6484] 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


3.21. "SMI Security for PKIX CMC Error Types" Registry 


Within the SMI-numbers registry, an "SMI Security for PKIX CMC Error 
Types (1.3.6.1.5.5.7.15)" table with three columns has been added: 


Decimal Description References 


1 id-cet-skdFailInfo [RFC5275] 
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Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 

3.22. "SMI Security for PKIX Revocation Information Types" Registry 


Within the SMI-numbers registry, an "SMI Security for PKIX Revocation 
Information Types (1.3.6.1.5.5.7.16)" table with three columns has 


been added: 
Decimal Description References 
il id-ri-crl [RFC5940] 
2 id-ri-ocsp-response [RFC5940] 
3 id-ri-delta-crl [RFC5940] 
4 id-ri-scvp [RFC5940] 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


3.23. "SMI Security for PKIX SCVP Check Types" Registry 


Within the SMI-numbers registry, an "SMI Security for PKIX SCVP Check 
Types (1.3.6.1.5.5.7.17)" table with three columns has been added: 


Decimal Description References 
1 id-stc-build-pkc-path [RFC5055] 
2 id-stc-build-valid-pkc-path [RFC5055] 
3 id-stc-build-status-—checked-pkc-path [RFC5055] 
4 id-stc-build-aa-path [RFC5055] 
5 id-stc-build-valid-aa-path [RFC5055] 
6 id-stc-build-status-—checked-aa-path [RFC5055] 
T id-stc-status-check-ac-and-build-status-checked-aa-path 
[RFC5055] 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 
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3.24. "SMI Security for PKIX SCVP Want Back Types" Registry 


Within the SMI-numbers registry, 
Back Types 


added: 


Future updates to this table are to be made 
Specification Required policy as defined in 


Housley 


PKIX OID Registry 


July 2014 


an "SMI Security for PKIX SCVP Want 


(1.3.6.1.5.5.7.18)" table with three columns has been 


Description 


id-swb-pkc—best-cert-path 
id-swbh-pkc-revocation-info 
id-swb-pkc-cert-status 
id-swb-pkc-public-—key-info 
id-swb-aa-cert-path 
id-swb-aa-revocation-info 
id-swb-ac-revocation-info 
id-swb-ac-—cert-status 
id-swb-relayed-responses 
id-swb-pkc-cert 
id-swb-ac-—cert 
id-swb-pkc-all-cert-—paths 


id-swb-pkc-ee-revocation-info 
id-swb-pkc-CAs-revocation-info 


id-swb-partial-cert-path 
id-swb-ers-pkc-cert 
id-swb-ers-—best-cert-path 


id-swb-ers-partial-cert-path 


id-swb-ers-revocation-info 
id-swbh-ers-all 


Informational 


References 


[RFC5055] 
[RFC5055] 


Reserved and Obsolete 


[RFC5055] 
[RFC5055] 
[RFC5055] 
[RFC5055] 


Reserved and Obsolete 


[RFC5055] 
[RFC5055] 
[RFC5055] 
[RFC5055] 
[RFC5055] 
[RFC5055] 
[RFC5276] 
[RFC5276] 
[RFC5276] 
[RFC5276] 
[RFC5276] 
[RFC5276] 


according to the 
[RFC5226]. 
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3:32 9% 
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Registry 


Within the SMI-numbers registry, 
Validation Policies and Algorithms 


three columns has been added: 
Decimal Description References 
1 id-svp-defaultValPolicy [RFC5055] 
2 id-svp-nameValAlg [RFC5055] 
3 id-svp-basicValAlg [RFC5055] 
4 id-svp-dnValAlg [RFC5055] 
Note: id-svp-nameValAlg is also known as id-nvae. 


Note: 


Note: 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


326z 


id-svp-basicValAlg is also known as id-bvae. 


July 2014 


"SMI Security for PKIX SCVP Validation Policies and Algorithms" 


an "SMI Security for PKIX SCVP 


(1.3.6.1.5.5.7.19)" table with 


id-svp-dnValAlg is also known as id-dnvae and id-nva-dnCompAlg. 


Registry 


Within the SMI-numbers registry, 
Validation Policy Errors 


columns has been added: 


Future updates to this table are to be made 
Specification Required policy as defined in 


Housley 


id-nvae-name-mismatch 
id-nvae-no-name 
id-nvae-unknown-alg 
id-nvae-bad-name 
id-nvae-bad-name-type 
id-nvae-mixed-names 


Informational 


E E R E EESE E EE E A 


References 


[RFC5055] 
[RFC5055] 
[RFC5055] 
[RFC5055] 
[RFC5055] 
[RFC5055] 


according to the 
[RFC5226]. 


"SMI Security for PKIX SCVP Name Validation Policy Errors" 


an "SMI Security for PKIX SCVP Name 
table with three 
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36:2 ls 


With 
Vali 


9 PKIX OID Registry July 2014 
"SMI Security for PKIX SCVP Basic Validation Policy Errors" 
Registry 


in the SMI-numbers registry, an "SMI Security for PKIX SCVP Basic 
dation Policy Errors (1.3.6.1.5.5.7.19.3)" table with three 


columns has been added: 


Futu 
Spec 


3.28. 
With 
Dist 
tabl 


D 


Note 


Futu 
Spec 


Housley 


ecimal Description References 
id-bvae-expired [RFC5055] 
id-bvae-not-yet-valid [RFC5055] 
id-bvae-wrongTrustAnchor [RFC5055] 
id-bvae-noValidCertPath [RFC5055] 
id-bvae-revoked [RFC5055] 
id-bvae-invalidKeyPurpose [RFC5055] 

0 id-bvae-invalidKeyUsage [RFC5055] 

I id-bvae-invalidCertPolicy [RFC5055] 

2 id-bvae-invalidName Reserved and Obsolete 

3 id-bvae-invalidEntity Reserved and Obsolete 

4 id-bvae-invalidPathDepth Reserved and Obsolete 

re updates to this table are to be made according to the 


ification Required policy as defined in [RFC5226]. 


"SMI Security for PKIX SCVP Distinguished Name Validation Policy 
Errors" Registry 


in the SMI-numbers registry, an "SMI Security for PKIX SCVP 
inguished Name Validation Policy Errors (1.3.6.1.5.5.7.19.4)" 


e with three columns has been added: 


ecimal Description References 


: This table is currently empty. 


re updates to this table are to be made according to the 
ification Required policy as defined in [RFC5226]. 
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3.29. "SMI Security for PKIX Other Logotype Identifiers" Registry 


Within the SMI-numbers registry, an "SMI Security for PKIX Other 
Logotype Identifiers (1.3.6.1.5.5.7.20)" table with three columns has 


been added: 
Decimal Description References 
1 id-logo-loyalty [RFC3709] 
2 id-logo-background [RFC3709] 
3 id-logo-certImage [RFC6170] 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


3.30. "SMI Security for PKIX Proxy Certificate Policy Languages" 
Registry 


Within the SMI-numbers registry, an "SMI Security for PKIX Proxy 
Certificate Policy Languages (1.3.6.1.5.5.7.21)" table with three 
columns has been added: 


Decimal Description References 
0 id-ppl-anyLanguage [RFC3820] 
1 id-ppl-inheritAll [RFC3820] 
2 id-ppl-independent [RFC3820] 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


3.31. "SMI Security for PKIX Proxy Matching Rules" Registry 


Within the SMI-numbers registry, an "SMI Security for PKIX Proxy 
Matching Rules (1.3.6.1.5.5.7.22)" table with three columns has been 


added: 
Decimal Description References 
1 id-mr-pkix-alphanum-ids Reserved and Obsolete 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 
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3.32. "SMI Security for PKIX Subject Key Identifier Semantics" Registry 


Within the SMI-numbers registry, an "SMI Security for PKIX Subject 
Key Identifier Semantics (1.3.6.1.5.5.7.23)" table with three columns 
has been added: 


Decimal Description References 

1 id-skis-keyHash Reserved and Obsolete 
2 id-skis-—4BitKeyHash Reserved and Obsolete 
3 id-skis-keyInfoHash Reserved and Obsolete 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


3.33. "SMI Security for PKIX Access Descriptor" Registry 


Within the SMI-numbers registry, an "SMI Security for PKIX Access 
Descriptor (1.3.6.1.5.5.7.48)" table with three columns has been 


added: 

Decimal Description References 

1 id-ad-ocsp [RFC2459] 

2 id-ad-caIssuers [RFC2459] 

3 id-ad-timestamping [RFC3161] 

4 id-ad-dvcs [RFC3029] 

5 id-ad-caRepository [RFC3280] 

6 id-ad-http-certs [RFC4387] 

7 id-ad-http-crls [RFC4387] 

8 id-ad-xkms Reserved and Obsolete 
9 id-ad-signedObjectRepository Reserved and Obsolete 
10 id-ad-rpkiManifest [RFC6487] 

EL id-ad-signedObject [RFC6487] 

12 id-ad-cmc [RFC6402] 


Note: id-ad-ocsp is also known as id-pkix-—ocsp. 


Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 
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3.34. "SMI Security for PKIX Online Certificate Status Protocol (OCSP)" 
Registry 


Within the SMI-numbers registry, an "SMI Security for PKIX Online 
Certificate Status Protocol (OCSP) (1.3.6.1.5.5.7.48.1)" table with 
three columns has been added: 


Decimal Description References 
1 id-pkix-ocsp-basic [RFC2560] 
2 id-pkix-ocsp-nonce [RFC2560] 
3 id-pkix-ocsp-crl [RFC2560] 
4 id-pkix-—ocsp-response [RFC2560] 
5 id-pkix-ocsp-nocheck [RFC2560] 
6 id-pkix-ocsp-archive-cutoff [RFC2560] 
7 id-pkix-ocsp-service-locator [RFC2560] 
8 id-pkix-ocsp-pref-sig-algs [RFC6277] 
9 id-pkix-—ocsp-extended-revoke [RFC6960] 
Future updates to this table are to be made according to the 
Specification Required policy as defined in [RFC5226]. 


4. Security Considerations 
This document populates an IANA registry, and it raises no new 
security considerations. The protocols that specify these values 


include the security considerations associated with their usage. 


The id-pe-nsa certificate extension should not appear in any 
certificate that is used on the public Internet. 
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